package com.example.express_order.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * 权限控制一共两层
 * 第一层 .antMatchers("/order_test").access("#oauth2.hasAnyScope('ROLE_ORDER_ADMIN,ROLE_USER,ROLE_COURIER,ROLE_API')")
 * 第二层是@PreAuthorize("permitAll()")
 * 只要将两者权限都打开，就可以不登录访问
 */

@RestController
public class ControllerTest {
    @RequestMapping("order_test")
    @PreAuthorize("permitAll()")
    public String r1(){
        return "订单系统访问成功!";
    }
    @RequestMapping("no_login")
    public String r2(){
        return "order_test_2不登陆访问成功!";
    }
    @RequestMapping("register")
    public String r3(){
        return "register不登陆访问成功!";
    }
}
